DEV-2705 poam update deps #111
Conversation
qiaouchicago
force-pushed
the
feat/dev-2705-POAM-update-deps
branch
from
2854bd6
to
8b1e31a
Compare
| @@ -18,7 +18,7 @@ pre-commit: | |||
| tox: | |||
| parallel: | |||
| matrix: | |||
| - BUILD_PY_VERSION: [python3.7, python3.8, python3.9, python3.10, python3.11] | |||
| - BUILD_PY_VERSION: [python3.7, python3.8, python3.9, python3.10] | |||
There was a problem hiding this comment.
I noticed the tox.ini only includes py38. Should we update that to include the additional versions here that are defined for gitlab?
There was a problem hiding this comment.
I think it might be a good idea to keep it to one python version in tox. This matrix section should override the env section in tox. Otherwise the default tox run locally will run the test suite 4 times.
There was a problem hiding this comment.
This may have been a bad recommend on my part. My motivation was to keep the files in sync so that if a developer wanted to run tests against all the python versions that gitlab was going to run, that would be an easy option. Otherwise, they could use the -e flag to specify a particular environment.
It seems like there are other concerns here. Maybe we should enact a policy that the tox.ini only has a single target python version, regardless of whether it's a service or library (since gitlab will catch issues with the full set of python versions) and the tox.ini can specify the preferred version of python to use? @ProfOak and @kulgan , thoughts on that?
And that brings up another question. If that's is our intention, what is the appropriate version of python to specify in the tox.ini? Why would we default to python 3.8 instead of either the min or max version?
| # via indexd (setup.py) | ||
| sqlparse==0.4.4 |
There was a problem hiding this comment.
https://pypi.org/project/sqlparse/#history
need python3.8 to upgrade this.
setup.py
Outdated
| @@ -50,5 +49,7 @@ | |||
| "requests", | |||
| "ddtrace", | |||
| "importlib-metadata; python_version < '3.8'", | |||
There was a problem hiding this comment.
| "importlib-metadata; python_version < '3.8'", | |
| "importlib-metadata>=1.4; python_version < '3.8'", |
1.4+ and above is for python3.8+. Also this depends on what indexd is using it for. Can you do a scan to see if indexd uses it for, else I think we should remove and let pip-compile resolve it, same for typing extension
There was a problem hiding this comment.
used here: https://github.com/NCI-GDC/indexd/blob/develop/indexd/index/blueprint.py#L520
do you think we should remove the endpoint?
tox.ini
Outdated
| @@ -1,5 +1,5 @@ | |||
| [tox] | |||
| envlist = py38 | |||
| envlist = py37,py38,py39,py310 | |||
There was a problem hiding this comment.
I think we should stick to a specific version of python (the one used at runtime) as this is not a library. I know we use it as a library and I think that is bad and we should stop doing that. Also, having a single python version here does not stop one from running it on multiple python versions, but by default it runs on the proper python version
There was a problem hiding this comment.
This was due to my recommendation (which may not have been a good suggestion). Please see my related comments on this in the gitlab yaml.
|
synk want sqlparse 0.5.0, which only work for python3.8+ |
update dependencies for snyk. Removed python3.11 from gitlab ci
https://gdc-ctds.atlassian.net/browse/DEV-2705
Upgrade idna to version 3.7 or higher.
https://gdc-ctds.atlassian.net/browse/DEV-2703
Upgrade Jinja2 to version 3.1.4 or higher.
The following one needs python3.8, NOT updating in this ticket.
https://gdc-ctds.atlassian.net/browse/DEV-2704
Upgrade werkzeug to version 3.0.3 or higher.
https://pypi.org/project/Werkzeug/